Why we don't change Unix login names for people

March 9, 2014

Every so often as system administrators we are a bit lazy. Or perhaps you could say that we are a bit sane. One of those cases here is that we do not, ever, change people's Unix login names. If you really want or need a change in login name, what we tell you to do is request a new account with the right login name, then transfer all your files to it and tell us to delete the old login.

(Users can set up their own email redirection from the old login to the new one, assuming they want to.)

In theory changing a Unix login name is easy; all you need to do is edit /etc/passwd to change it (both in the login name and in the home directory), then rename the home directory itself. Except we should probably change the login name in secondary groups in /etc/group. But we're not done, because users have a second home directory on our web server; we need to change that.

Unfortunately we've only started. Right now we have six separate machines that run Samba, all with separate Samba password files. I'm not exactly sure how you rename a Samba login but we'd have to do it on all of those machines. We also have at least a dozen machines where users might have crontab files (but probably don't). If you rename a login you need to rename the crontab file (as far as I know) so we'd have to check all of them and fix anything we found. The login being renamed might also have a user managed webservers that uses a URL under the user's web pages; that would need to get renamed.

This is quite a list and I'm not even sure that I've thought of all of the places where the user's login name might be hiding in our environment (and yes, I'm ignoring at jobs for the moment). In theory we could try to do all of this and make sure not miss a single thing. In practice it is much easier and much more reliable to get people to use our well-honed and frequently used procedures for creating and deleting accounts.

(We make accounts all the time and delete them periodically. We might 'rename' a login once a year.)

Can things still fall through the cracks, especially if the person getting the new login name doesn't notice? Certainly. But one subtle advantage here is that we aren't promising more than we can really deliver. If we promised to rename an account you might reasonably expect that all of this additional state would get transferred. Since we're merely making a new account it's clear (at least in theory) that additional state is something you have to worry about.

PS: A pragmatic side advantage of this approach is that we don't push back against who people want login name changes in the way we might if doing a login rename was a lot of manual work on our part. There actually used to be a policy that we just didn't do login renames short of acts of very high powers; that went away when we decided to do them the easy way. Nowadays it is more 'you want to change your login? well, sure, you'll be doing most of the work' (although we don't say this on in our support documentation).

Written on 09 March 2014.
« Why I think 10G-T will be the dominant form of 10G Ethernet
Solaris gives us a lesson in how not to write documentation »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Sun Mar 9 01:32:57 2014
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.